Netgate pfSense Reviews

We primarily use the solution as a replacement for commercial firewalls. We use it as an Internet Gateway Firewall product and use the VPN features.

pfSense helped solve the limitations of proprietary software. I find it frustrating when the hardware capabilities of a particular piece of equipment are doled out piecemeal for a fee. For example, when certain features are locked until you pay for them. The proprietary nature and the extra computing power that's used to basically enforce the copyright on some of the competitive products I resent. I like that this has a community option. I'm an open-source advocate. I started using Linux in 1999, and I prefer that developer model.

There are many capabilities within pfSense, that I've never used, and that's true of a lot of products. It's very flexible, and they have plug-ins.  You can add features to pfSense. It is moderately difficult. That said, the web interface is great.

I like that I can use it with OpenVPN. It's not licensed and is not run by some corporation that watches you.

It has an advanced file system so that you can configure it with multiple drives and have redundancy within the router itself. I've never used it as a file server. I've never used it as a data store. It's really more about security and not reliability.

It's keeping the bad guys out and allowing connectivity when you need it.

The configuration could be a little more intuitive. It's a little trickier to set up - things like the OpenVPN - than it should be. However, once you get this configured, it seems solid as a rock, and it just works. 

The solution needs better error messages in the VPN. It's kind of a bear to configure. That could be streamlined or smoothed out. That said, I do not do this 40 hours a week like some people. I wear a lot of different hats. Still, when it comes to configuring, it always seems to be a little more involved. 

I've been using the solution for three or four years. 

The solution has been very solid.The BSD file system is a little more fragile than a Linux file system. I've had situations where a power failure causes a hard drive not to get corrupted but to need to run maintenance on it when it reboots. However, that's not a pfSense issue. Overall, it's been great.

I'm not a power user. For me, the capabilities are fine. It runs pretty fast even on modest hardware. 

Technical support was good. It was way better than the twenty-four hours that the contract said. They usually get back to me in a matter of a few minutes. 

They are very good at answering and solving specific problems. If something doesn't work, you can give them access. They can figure it out and make it work. 

I was less satisfied when I tried to ask a question like, "Is this the best way to have this configured?" It's a slippery slope of going beyond the typical tech support and actually getting consulting on it. I understand that maybe that's not their problem. However, it did seem like there's this hard wall where they will answer specific questions, but they are not going to give you general consulting advice about how to use the product. That is a little frustrating. 

Positive

I've used SonicWall and I've used various commercial firewalls, for example, Cisco. However, I haven't evaluated other things in the same category based on open source. There are a lot of them; I haven't looked at anything else, to be honest.

It's easy to get it going as a firewall. It's moderately difficult to get the VPN features running. I was able to deploy it within a couple of days. 

Maintenance is needed for upgrades or renewal of certificates.

I managed the setup myself with the help of the pfSense support staff. 

I use the community version, although there is a paid version as well. I've also downloaded it, registered myself, and paid for it to get support. I'm not sure of the exact features that differ between free and paid. 

I'd rate the solution eight out of ten.

The only shortcomings are somewhat obscure configuration issues. However, the scope of what they're trying to do is very good. While there could be more polish on some configurations, it's very capable and very flexible. 

If I had to do it over again, I would probably have actually gotten the hardware from NetGate. You're paying for the support, and bundling the hardware and support together might be better. I sense that you'd kick yourself up a notch in terms of the priority that they give you. Not that there's ever been a problem. Getting the hardware directly from pfSense might cut out the middleman and reduce the possibility of issues when something goes south. Other than that, I'm a pretty fairly satisfied customer.

We are a large church, and we use Netgate as the main firewall appliance. We have multiple WAN connections coming in, and we have about 500 endpoints connected to our network, so we use it to make all the bits travel where they need to be.

We were using some other products that were closed-source, and they did not have some of the features that I liked. I liked OpenVPN. In terms of the VPN infrastructure, I had a lot of great information from people online. I could follow a lot of reviews and very good technical documents. It was about unchaining myself from a different licensing program that was charging me almost an extortionary rate for a firewall appliance but did not give me any better security than I would get through pfSense.

I like the idea of packages because I work on Linux all the time. Adding packages is a nice way of adding features. We do iPerf3 testing. With just a few clicks, I can have an iPerf3 server set up on my pfSense. All the tooling has been easy to integrate.

Everybody loved it when I switched over to the VPN. It was easy to use. OpenVPN has a great piece of software. Everybody loves how easy it is to use the VPN to get onto our network but also how secure it is. 

The fact that I do not hear much about it is one of the best parts. The Internet has not been 100% solid here, but we never get to know it because the WAN failover takes us from one endpoint to another without even noticing it. I had the Internet provider come, and he was going to change some hardware. He was asked if we needed to tell anybody. We did not because they would not even know that we were doing it. That is a pretty good feature that it works so flawlessly. If you are going to take your main connection to the Internet down, you have two backups, and nobody is going to know the difference.

I can look at my network as a whole. It is great to see the traffic on my network. I can see where it is coming from and where it is going, and I am able to follow through. The screens are helpful for telling the story of what is going on at the moment with the data. I look at my firewall quite often. If there are any questions, that is one of the first places I go to for troubleshooting.

pfSense Plus and the service program have definitely helped minimize downtime. The fact that I have help on the way anytime I need it is great. I do not have an estimate about the reduction in the downtime because as soon as I got here, I swapped over. I do not have any previous data points on that.

Running their hardware and software helps a lot with the performance.

The customer support is very good. Setting up the VPN is pretty straightforward and easy. 

We have multiple VLANs, and with assistance, it was easy to get everything set up and running in our organization the way we needed it to. We have the flexibility and the ability to adapt things over time as needed. When I needed to add an extra WAN connection, I could. It was not locked behind a paywall. I did not have the issue of not having enough ports on the machine for that. I had all the ability and all the hardware I needed to do all the things that I needed.

When we were setting up VLANs, there was some information about the way the ports, switching, and other things were done inside. Their UI could have hidden some of the complexity better so that it was easy to understand or more general. They could have given some more clarification on the markings on the outside of the machine. There were some questions as to what port was what and how that links to what was being asked in the software. Those things were not always very clear.

The features that I wanted have been added, but I have not taken the time to look at them. I am a big fan of WireGuard, and they have added that, but I have not taken the time to install it yet. Its features are complete for our needs. If I have to ask for anything, it would probably be more education on bolting on some of the XDR platform stuff that is out there, but it is feature-complete. I know that all this exists. It is just taking the time to get educated on it, which is probably on my side.

I have been using Netgate pfSense for about three years.

I have not seen any downtime, so I have to give them a ten out of ten on that. There has not been a time when it has not done what it needs to do.

There is a long way to go above me, but I would not be looking to change if we grew by a lot. I would rate it an eight out of ten for scalability, but I do not know what it would be like in a data center.

It is being used at a single location. We are a fairly large church that has quite a bit of data flowing in and out, but we have just a single location. It is me who works with it, and I have a junior sysadmin and our managed service provider working with it. Three of us interface with it.

They are amazing. They are great. They followed through very well when I had issues. Usually, the issues I had were kind of self-inflicted wounds, and they walked right through everything with me with great continuity. I cannot say enough good about them. I would rate them a nine out of ten.

Positive

We used Sophos. One of the main reasons for the switch was the license model. The way they charge for their software was pretty expensive. I did not feel that we got a lot for those IT dollars. I knew that I could set up pfSense and pay for the service plan so that I have a live person on the other end to help me when I needed it and it would still be way under what we were paying for Sophos.

It is deployed on-prem. We have a couple of Netgate appliances. We have one that is a spare and we have one running in production. In case one goes down, we will just move over to the other. We have a couple of pieces of equipment in our rack locally.

My managed service provider helped me with the deployment. In one night, it was done. It was pretty painless.

In terms of maintenance, there are always updates to do.

There were three of us involved, and it took about four and a half hours to get everything configured. From taking out the old to getting the new in and getting it configured took about four and a half hours.

Compared to what we were doing with Sophos, it provides a great value financially and in terms of time savings. For the most part, I do not have to mess with it. It does not require me to go in and touch it unless I have something I want to change, and that is a win. The upgrades are easy, and they have been flawless. That is a good return on investment. That dollar is well spent.

We are probably paying about 30% of what we were paying previously.

The price is fair. I buy the Netgate hardware so that I can support pfSense and Netgate and I have somebody designing the next layer of software for me in the future. I like their model. It is a high-value piece of equipment with a great team behind it.

With the inclusion of firewall, VPN, and router functionalities, we get a good value.

I would recommend it because it is a good value in terms of the price, performance, scalability, and usability of the metrics that it gives. It is definitely what I would go with.

I would rate pfSense a nine out of ten. It would be a ten if they offered free training and told me about what the free training is. There are probably a few things out there like that, but more one-on-one free training would be the main thing they can do better.

We use pfSense in our clients' offices to provide secure network access. For remote workers requiring private network connectivity, we deploy a Netgate pfSense router in both the office and the user's home office, establishing a robust IPsec connection between the two. This configuration offers superior security compared to alternatives like OpenVPN, as remote users simply need to connect their LAN cable to the home pfSense for immediate and secure office network access. We primarily serve small organizations with 10 to 200 employees, deploying a pfSense router in each main office and providing OpenVPN or IPsec connectivity. Additionally, we offer optional pfBlocker-NG integration for advanced threat protection, enabling the blocking of traffic from specific geographic regions or known malware sources.

We have several sites with multiple or backup-wide area networks. We use pfSense to manage these networks, configuring them for load balancing or backup as needed. To authenticate OpenVPN logins, we leverage Active Directory on our Windows Server, simplifying user management. Office managers can easily disable both Windows and OpenVPN access for users without needing to access pfSense directly. This centralized approach requires only a single robust passphrase for users to access both the VPN and the Windows domain.

I am accustomed to the interface and find it quick to use. However, I think a new user might need some time to adjust. That said, I've been using it for over 15 years.

As a network administrator, I fully understand the benefits of pfSense before deployment. While end users may not immediately recognize its advantages, I appreciate its value in eliminating the need for costly licenses associated with other firewalls like Barracuda and Checkpoint. PfSense offers a comprehensive suite of features, including VPN, user management, and advanced DNS, without requiring additional fees. This cost-saving aspect is a significant selling point for me when replacing older firewalls with Netgate pfSense. Not only do we improve network security, but we also reduce ongoing expenses, a benefit that becomes apparent to clients over time.

Adding features in the packages section of the interface is quite rapid, especially when limiting options to available packages. However, configuring unfamiliar or infrequently used packages requires research and time, ideally by someone with networking and firewall experience. While pfSense is not entirely plug-and-play, the basic setup is straightforward; adding features demands more technical knowledge. So, feature addition is easy, but configuration can be moderately complex.

pfSense can help prevent data loss by making it difficult for hackers to breach networks. However, most data loss incidents we see result from end-users clicking on malicious links or email attachments. When data loss or ransomware occurs, the issue typically lies with user error rather than pfSense. I believe that the networks I configure using pfBlocker, which restrict communication primarily to the continental US and other approved countries, may help block ransomware. Still, I cannot quantify the frequency of such occurrences.

Approximately ten percent of pfSense routers experience critical issues requiring a factory reset. Previously, this process involved contacting tech support and providing detailed information. However, pfSense has simplified this by offering self-service image downloads. This improvement significantly speeds up customer recovery time. Additionally, Netgate's pfSense Plus hardware comes with a Zero-to-Ping warranty, enabling easy setup and troubleshooting for end users. While not entirely plug-and-play, most users can easily install these routers, and Netgate's warranty provides additional support if needed. I've successfully utilized the Zero-to-Ping warranty several times and believe it is a valuable resource for both technicians and end users.

pfSense has helped enable data-driven decisions. It allows me to communicate the need for faster WAN lines to client management by providing concrete evidence of network performance. Additionally, pfSense offers detailed insights into OpenVPN user activity and IPsec traffic, facilitating targeted problem-solving. For instance, I can readily identify slow IPsec connections for remote users, such as user X, and advocate for necessary improvements based on these data-driven findings.

OpenVPN, IPsec, DHCP, and DNS are the most valuable features. I will also include pfBlocker-NG later in the list, but only a couple of sites use this feature. 

pfSense does offer a convenient single-pane dashboard, but I believe it could be improved with additional features. For instance, an administrator log for team members to record notes, such as adding a nameserver, removing user accounts, or other relevant information, would be beneficial. This simple log within the main status page could enhance communication and collaboration among the admin team. While the current status screen provides most of the necessary information, this extra feature would be a valuable addition.

It would be beneficial if Netgate provided a table outlining the recommended maximum WAN port speeds for their various models.

The documentation doesn't align with what I'm seeing on the console. This is frustrating because the online documentation doesn't match the dashboard, leaving me unsure of the correct steps to take.

I have been using Netgate pfSense for 16 years.

I would rate pfSense's stability a perfect ten. When I replace consumer routers with pfSense for small businesses with two or three employees, they are often amazed to discover the router can run for a year without a reboot. This starkly contrasts their previous experience with consumer routers that required weekly or bi-weekly unplugging.

I have been pleased with pfSense's scalability. While I haven't explored all its features, I have successfully backed up an old system and restored it to a new pfSense device, which I consider an upgrade. I know additional capabilities like load balancing and backup device management but haven't implemented them due to a lack of current need. PfSense offers much more potential than I've utilized.

The quality of the support is high. While the speed used to be somewhat slow, I've noticed a significant improvement in recent calls, connecting with a representative quickly within the past year.

Positive

We've used multiple firewall solutions over the years. Twenty years ago, we implemented Monowall. Subsequently, we switched to Barracuda, which proved highly problematic and required frequent technical support intervention. Our next choice, SonicWall, was an improvement over Barracuda but still presented challenges. Specifically, SonicWall's licensing model is burdensome, as it necessitates constant management on my part, a task end-users are unwilling or unable to perform. Though less frequent than with Barracuda, technical support interactions are still necessary.

Initial deployment is straightforward, taking approximately half an hour for each unit. While pfSense is not the issue, challenges often arise due to clients' limited understanding of their network configurations. A single person can effectively handle the deployment process.

I appreciate that pfSense eliminates the need for extra payments, license management, or feature limitations. This cost-effectiveness and its reliable Zero-to-Ping guarantee is its most compelling aspect.

The pricing seems fair overall, but I think they need more reasonably priced options for very small offices. They currently offer a few affordable units at the lower end, but then there’s a significant price jump to the next level. I remember they used to have a model around the 2100 range that was a good middle ground. I believe they should offer more choices between the lowest tier and the next one in terms of hardware. Additionally, I'd like to see a per-incident support option, which I don't think they currently provide. I haven’t checked their support options in a while, so I could be mistaken. However, in the past, they only offered annual plans. If I encounter a specific issue, I would prefer the ability to pay a one-time fee for complete support on that particular problem.

The total cost of ownership is great. pfSense is our most recommended appliance for router, firewall, and VPN functionality. 

I would rate Netgate pfSense nine out of ten.

Users don't need to do anything to maintain the system, but I like to check all pfSense instances every few months, install updates, and look for any irregularities. I try to check every single pfSense system if possible. pfSense needs to be manually updated.

I have the Netgate 6100 firewall with pfSense at my house, and I also have several business clients on it. I use it for site-to-site VPN from one doctor's office to another so their PBX phone systems can replicate across the network. 

PfSense helps prevent data loss. It's a firewall, so unless you open ports, they are completely closed off, and nobody will crack into your network. You can set up various rules that will let you know if you have an intrusion or block an IP address, country, etc., for malicious threats. 

I haven't experienced any downtime with the 6100, but I've had problems with the Netgate 2100 appliances. One of the data-driven procedures is performance. If you make a change, your traffic comes up almost immediately. If I had to compare pfSense to SonicWall, I probably wouldn't use SonicWall based on the boot time. When you have to restart the system or something like that, pfSense is quick, whereas these other firewalls will take 10 minutes to come back online. 

The visibility pfSense provides helps optimize performance. Some of the stuff is visible in their charts and graphs. You can see their traffic moving in real time. That's beneficial to me, especially if I'm looking for something. For example, if you're looking for an IP address that's seeing a lot of data, you can narrow it down to what device it is.

The most valuable aspect of pfSense is the community. If you have a question, you can post it on the forum. The backups are also good. I restored it from a hard drive recently and was back up in 10 minutes. 

I like pfSense's flexibility. It lets you install it on multiple applications, such as a VM, appliance, or white box. For a short time, the community edition had a free upgrade to the Plus edition, so you could technically download the version and convert it into a Plus version. They offered support there for a while, but I don't know if they still do. 

If you log into it, it is a single pane of glass, but the features are scattered everywhere. If you make a firewall rule and you run a port, it will automatically make the firewall rule for you, so you don't have to do that. That's convenient versus some firewalls where you have to make the net rule, then you have to make the firewall rule to allow the net to operate. 

It's easy to add features, but some require configuration. Depending on the feature you're adding, that can be tricky. I wish their GUI were easier to use because it's always been scattered instead of having everything in one column. You have to click one thing to get something to work kind of like UniFi. You have to be a little techie to get it working as you want. The only other problem I've encountered is that sometimes it has buffer bloat, and you have to go in and change some firewall limiter rules to get the bloat to go away. Once you get it down and have done it a couple of times, it seems fairly straightforward. 

If the GUI interface were better, that would be a huge benefit. There's a fork of pfSense called OpenSense with a far superior interface. Everything's in the left-hand column. When you click on one item, you see everything listed under a single tab. You don't have to jump back and forth through the program. 

Everybody is sometimes scared of open firewalls, but they get updates regularly. I check them all the time. I wish it had an app or some alert feature that you could set up. That would make it a little bit easier if something went wrong because you usually don't find out until the last second.

I've used pfSense for 10 to 15 years.

PfSense is highly stable. I don't typically have any crashes. Usually, it's hardware problems, such as a hard drive or memory chip. Beyond that, I have had no issues with any appliances that pfSense installed.

The scalability is good because if you have two identical devices, you can do high availability, so it's highly scalable. 

I rate Netgate support 10 out of 10. Netgate technical support is just phenomenal. If you pay for support, they're on it right away. I've had to call them a couple of times and ask for a system image for some of their lower-end devices. I've noticed that an upgrade will sometimes break them. You can take the serial and model numbers, send them an email, and they'll send you the image. You just download the image, flash it over onto the device, and restore from the backup.

Positive

I've used UniFi's Dream Machines, FortiGate, SonicWall, and OpenSense. I've got one instance of OpenSense out there. They're all about the same in performance, but everything has its own learning curve. The learning curve of pfSense is higher than OpenSense because of the GUI, which is a little confusing and intimidating for someone brand new.

A brand-new user might be confused, especially if they don't have too much networking capability. If you have a white box and download the software, you need to configure everything, including the network interface card, but if you buy an appliance, you should be able to plug into a port and get an IP address. That's not the case with the community. It isn't. For those who want to dabble and play around with it, there's a bit of a learning curve there at the beginning on how to get it. They have some good documentation, but it's a little confusing.

I can have it running in 10 minutes. It depends on what you're doing and whether you have VLANs, which can be confusing to configure. But you can set up a simple home user with no VLANs in 10 minutes. For maintenance, it'll tell you if there's an update, but I typically wait a while before I do the update to ensure that it's solid. They do good testing on it, but I've had some problems where it breaks something else when they do an update.

The price of pfSense is on par with everything else. It depends on how big an appliance you buy and whether you're purchasing it directly from Netgate. Some rack-mounted systems are expensive—a couple thousand bucks. The one that I use at my house was $700.

The total cost of ownership isn't too high or too low. I think it's right where it needs to be. Obviously, with new appliances and faster technology, your prices will go up, but that's expected with any product you buy. It was all free when I first started using it, and you could put it in any box you wanted to buy. 

I rate pfSense eight out of 10. The reason I give it an eight is that the GUI needs to be cleaned up a little. I think Netgate would sell more if the GUI were a little more like Opensense. Before buying, I would test the community edition on a virtual machine and select an appropriate appliance based on your deployment. 

The solution's most valuable features are high availability and the VPN options. Netgate pfSense has the ability to support multiple interfaces and spin up virtual IPs.

What drew me to Netgate pfSense from the beginning is that it's free, open-source software. I wanted the solution for additional control over firewall routing, and there wasn't really anything else on the market that would do that.

Netgate pfSense is very flexible. I like that it can run on enterprise bare metal and Raspberry Pi. Obviously, Netgate has a lot of appliances ranging from extremely small to extremely large.

pfSense Plus is extremely low-cost. Its comparative features include high availability, the ability to tune system variables, and support for hundreds of interfaces.

It would be great for the solution to have better logs. Some of the solution's graphs that show visibility on system performance or session count lack resolution. For example, you may only be able to see the session count by day if you want to look back more than a month.

In contrast, we would want to see the session count fluctuate by an hour or five-minute increments. It would be helpful to be able to query larger data sets, even if you had to break them up into smaller subsets.

I have been using Netgate pfSense for seven years.

The solution's scalability is very poor past 5,000 clients and impossible past 10,000 clients.

I had a very poor experience with the solution's technical support.

Negative

I switched from Netgate pfSense to Fortinet. Scalability and high availability are significantly better with Fortinet. It took me about 10 to 15 hours to set up high availability in Netgate pfSense just because of the way it works with virtual IPs and CARP.

On the other hand, it takes about 15 minutes with Fortinet. It's just a completely different experience. Also, the performance availability for appliances is a thousand times better with some of the higher-end offerings at Fortinet versus the highest-end offerings that Netgate has.

The solution's initial setup is difficult because of the extensive setup it takes to achieve high availability.

In our case, it took us around 40 hours to fully deploy the solution from start to finish.

I think Netgate pfSense's TAC or support is a little expensive, considering how inexpensive everything else is. Netgate's most expensive appliance costs around $5,000. However, an annual subscription to TAC costs around $1,000, which is roughly 20% of what you pay for the hardware. It seems a little excessive.

I would say it's pretty easy to add and configure features to Netgate pfSense. However, if you add features that Netgate does not officially support, you can run into issues with your support contracts. It's easy to add features, but it's extremely difficult to support something that is not an official Netgate plug-in.

We saw the benefits of Netgate pfSense pretty immediately after deploying it. We have been scaling, though. As we got to a very large deployment across different sites, we started to see additional problems, but then we also saw additional value added. Initially, there's a lot of value, which increases over time, but eventually, you hit a wall where it's just not that valuable.

On the surface, it looks like pfSense Plus provides visibility that enables data-driven decisions. Unfortunately, after many back-and-forths with support, they say that it looks like the firewall has done something, but there's nothing in the log. There's no data to support their theories. On the surface, it looks like it should, but we found in practice that it was missing a lot of data that would help us make decisions that we needed to make.

The solution's total cost of ownership is good for what it is. I don't think I would ever use it in an enterprise environment anymore. As a value proposition, it's really good for a small business application or a company with multiple sites that you need to be able to interconnect.

You can set up an entire ecosystem for $ 5,000 to $ 6,000 with top-of-the-line hardware from Netgate. Unfortunately, with our user account, throughput, and bandwidth, we've just outgrown it and can't use it anymore.

We've bought appliances for Netgate pfSense's deployment, and we've also deployed the solution on separate machines. Most recently, we used the appliances.

Technically, we never got Netgate pfSense to a good solid state. For the four to six months we had it in production, it was constantly down and needed at least 20 hours of maintenance a week.

Overall, I rate the solution a six out of ten.

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

I like that there's a community edition that I can install on my own virtual machines or hardware. I can test things without messing with them in production, which is incredibly useful. If you have a Juniper or Cisco, you can typically only afford one. 

You're forced to make changes in production and hope they don't break anything because there's no easy way to have a testing environment. The free version of pfSense offers load balancing or failover WAN, which is also helpful. Most commercial firewalls don't have that in the cheapest iteration of the hardware. 

The community edition makes it easy to learn because you can try it before buying it and putting it in production. There's no equivalent if you want to buy FortiGate, WatchGuard, or any of those and fiddle with them on your hardware before putting it in production.

Many plugins for pfSense are easy to install off the store, and they work. The basic function that you want to do are pretty easy. However, it is more complicated than your average home office router, but that's to be expected. The fact that it is an open-source project that's trying to be all things to all people does mean that sometimes things can get a little bit complex, sometimes unnecessarily. For example, the IPSec VPN setup has five hundred options, probably more than anyone needs, but it works. Their documentation is excellent. In instances where you might not figure it out on your own or the interface might not be super clear on how to do something, the documentation is usually good 99 percent of the time. 

I appreciate pfSense's flexibility. I can buy supported hardware from Netgate with it already on there, buy support for my own hardware, or run the community edition on my own hardware or a virtual machine and get all of the same functionality. 

Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got a babysit Snort and Suricata to the point where sometimes you turn it off.  

I know one of their rising competitors, OPNsense, has the ETS rules. I forget who provides it, but you turn on a rule set, and they just work. They have a built-in set of rules for Snort and Suricata that you turn on and it provides a reasonable amount of security. That has always been a pain in the neck with pfSense. It's the single biggest thing that they could do to improve it. Honestly, they're losing business OPNsense for that one reason. 

I have used pfSense for at least 10 years.

As long as you don't use bad hardware, it's fine. PfSense has issues with some Realtek network chips. If you use bad hardware and get bad results, it's your own fault. I usually have as much uptime as there is between patches. It's highly solid after reboot other than installing the most recent patch.

I've never used pfSense at the high-end enterprise scale, but it can scale nearly infinitely as far as I can tell. There's a higher-level pfSense that's carrier grade that can handle hundreds of gigabit routing. We've got a Netgate plan and never had any problems. 

We see solid performance no matter what we're running on it. The fact is that it can run on a low-end, low-power fanless ARM CPU for a branch office. PfSense is usable in a lot of situations. It's also extremely scalable, which is also flexible in the sense that you can install it on some random old PC that you have at your house and use it for your home firewall. You can also use it in an enterprise with a multi-gigabit incoming connection and thousands of clients.

I rate Netgate support nine out of 10. I have contacted them a couple of times over the years. Each time I called them, they solved my problem or gave me a workaround within a reasonable time. It seemed like the people I talked to knew what they were doing. Sometimes, you call technical support and end up with first-level tech support who reads off a script. They don't listen to a word that you say and tell you to do all the things you've already done. 

I've been able to get people who ask pertinent questions and ask for logs. They remote into my machine or SSH into the firewall, so I'm happy with it. It was worth the money that we paid when we needed it.

Positive

I have used Smoothwall and OPNsense. Back then, I used to have a weird firewall that I can never remember. If you count OpenWRT, a replacement firmware for Linksys, as a firewall. However, you can't install it on any x86 OS that you want.

It depends on whether the user is familiar with general concepts like putting an ISO on a flash drive and booting off of it using some basic command line. It's very easy if they've installed operating systems before and understand how to boot off a flash drive. Flash the image to a flash drive and boot off it, then follow the prompts. If they don't have that basic experience, I wouldn't tell them to deploy it themselves. I'd tell them to buy a box from Netgate with support. 

That can be tricky if you've never done it or don't understand the concept of moving off of a flash drive and installing an OS. There's not anything Netgate can do about that because there are thousands of different pieces of hardware you can try deploying pfSense to, and pfSense can't give specific detailed instructions for every one of them. That's when you go buy Netgate. 

The first time, it took me days because I had no idea what I was doing. Now, I can set up a pfSense with good basic functionality in an hour. It doesn't take very long. I've probably done it hundreds of times now.

After deployment, you've got to install patches periodically. If you're using Snort or Suricata, you've got to pay attention to those. If you're using pfBlocker, you've got to install patches. If you're not using any of the plugins like Snort, Suricata, pfBlocker, Grid, or any of those sorts of things for advanced functionality, then there isn't any maintenance other than periodically installing your patches like anything else. 

The community edition provides all of the basic functions for free on your own hardware, and pfSense Plus comes with a Netgate appliance. It's a reasonable $200 bucks or so to buy pfSense for your hardware, and then it's $800 or $900 a year for commercial support, which is also reasonable for a firewall.

It's hard to gauge the total cost of ownership because there's a free, open-source version that, if you know a lot about pfSense already, it's almost zero cost. You can run it on any old hardware you've got. If you need support and multi-gigabit IPSec WAN speeds, you'll need to pay for that, but you will with anybody. 

I rate Netgate pfSense eight out of 10. They could polish up a few things, especially regarding IDS/IPS rules. A few interface things are a little more complicated than necessary. 

If you're moving to pfSense from a random Linksys or Netgate router, you need to realize it will be more difficult, and you'll need to learn more about networking concepts than you necessarily had to do with the random router that you've got. It's more complicated like that. 

That's to be expected because you're either a techie kind of person who thinks building your own firewall is fun, and they're willing to spend the time and effort to learn it. Or you want an alternative to FortiGate, Juniper, or whatever, and you want to buy a commercial Netgate product. This is going to be more complicated than the Linksys router I bought for $80 dollars from Best Buy.

We currently use pfSense firewalls at our branch offices and central server locations. I have implemented TAC enterprise support on three of these firewalls, with the installation of the third scheduled for this weekend. Our network infrastructure relies on VPN tunnels between sites, and I have successfully deployed an always-on OpenVPN solution that significantly outperforms our previous SonicWall VPN system.

Installing packages on pfSense is straightforward, although the quality of package documentation varies. While I understand this isn't Netgate's responsibility, the installation and configuration process for these packages is remarkably user-friendly, relying almost entirely on the GUI. In my experience, I've rarely needed to resort to the command line, but I'm certainly not averse to it when necessary.

I immediately recognized the advantages of pfSense. Its ability to support custom hardware installations allows me to tailor solutions to the specific needs of each branch location. While I've had excellent results with Netgate's pre-built hardware, the option to construct higher-specification systems myself, all while maintaining support, is incredibly valuable. The difference compared to our outdated SonicWall is night and day. I previously built a pfSense firewall on a Dell server for a business handling high traffic volumes, and its performance was exceptional.

pfSense helps me prevent data loss by utilizing firewall aliases and other DNS-based filtration methods to block access to shadow IT and third-party cloud data transfer sites, providing some control over data movement.

While pfSense doesn't offer a centralized overview of multiple firewalls, it provides extensive customization options for each firewall's homepage. This allows for detailed monitoring of VPN tunnels, interfaces, and other components. I appreciate the ability to add, remove, and customize widgets on the homepage for tailored information display.

Helps minimize downtime. I have set up the high availability with one location, which works flawlessly.

Provides visibility that enables us to make data-driven decisions about network capacity, including throughput and the ability to handle traffic.

pfSense has significantly improved our performance by optimizing our always-on VPN. The recent release of the OpenVPN data channel offload feature, which was quickly adopted and supported by Netgate pfSense, has revolutionized our Windows laptop VPN solution. This new feature is nearly ten times faster than the previous OpenVPN without data channel offload, and its thorough documentation encouraged us to implement our always-on VPN ahead of schedule.

pfSense's greatest strength lies in its customizable package installation, detailed logging capabilities, and ability to manage log history, including sending it to Vault Logs via Syslog. OpenVPN support is exceptional. When I inquired about setting up an always-on VPN, the engineer swiftly and fully understood my needs and provided expert guidance. Netgate support's in-depth knowledge of included features is truly impressive.

I would like clear guidance on supported network interface cards, including detailed performance metrics for various models. While I understand the focus on selling appliances, more comprehensive documentation for those building their own systems would be beneficial. Specific throughput numbers and other statistics for Intel, Broadcom, Mellanox, and other cards are needed. Additionally, reinstating the ability to visualize long-term RRD data through built-in graphs would be valuable, as the current live traffic display offers limited insights.

I have been using Netgate pfSense for ten years.

I have not experienced any crashes in the production systems. The only crashes I've encountered have been while running unstable development builds, which is expected. However, excluding power outages, pfSense itself has been one hundred percent reliable in my experience.

If you invest in hardware capable of handling increased bandwidth, performance remains unaffected. We haven't observed any spikes in CPU utilization or memory usage. Even with a jump from a 50 megabit to a 500 megabit internet connection and approximately 65 active VPN clients, our firewall operates smoothly without any strain. Our small businesses handle the load effortlessly.

I have exceptionally high praise for the Netgate technical support team. In the three or four times I've called support, I've always reached an engineer within 20 minutes, which was the longest wait time. Every time, they've quickly addressed the issue once verifying firewall support. Their knowledge and willingness to assist are impressive.

Positive

I have experience with FortiGate, Dell, SonicWall, Cisco, and numerous consumer-level firewalls. While I am not the most seasoned network engineer, I have worked in the field for a considerable time, encountering a variety of solutions. Among these, pfSense stands out as exceptionally customizable and intuitive. Given the inherent complexity of networking, pfSense has made the subject as accessible as possible.

Deploying a pfSense box is straightforward when I'm physically present. Remotely guiding someone unfamiliar with operating system deployment presents more challenges. However, on-site deployment is remarkably easy, even simpler than installing a Linux server. 

Deploying a Netgate pfSense appliance is straightforward, even for network engineers without experience with the platform. The setup wizard is intuitive, requiring minimal networking knowledge. Subsequently, the configuration interface is user-friendly, allowing those with moderate networking experience to navigate and manage settings efficiently. Building a custom solution would depend on hardware expertise and operating system deployment skills, but utilizing Netgate appliances is notably easier.

The Netgate appliance I recently purchased took less than an hour to install, with most of that time spent gathering necessary information from the internet provider.

pfSense pricing is reasonable. Whether purchasing appliances or support, I hope they're charging enough to sustain their exceptional support services. Whether you opt for a bundled appliance and support or standalone support for a custom-built device, the pricing remains impressively fair.

When considering the total cost of ownership, pfSense is a compelling choice for a solution that incorporates firewall, VPN, and router functionality. Initially, I explored purchasing the OpenVPN access server, which would have required a virtual machine due to the lack of a dedicated physical server. However, integrating the VPN endpoint into the firewall aligns better with our design goals. It eliminates the need for a separate VPN appliance, resulting in significant cost savings and improved performance. Testing pfSense with OpenVPN in a virtual environment confirmed that it operates more efficiently on bare metal hardware. Moreover, the licensing cost for the OpenVPN access server would have been comparable to the support fees for pfSense.

The TAC enterprise support is $800 a year per firewall.

I would rate Netgate pfSense ten out of ten. If I could choose a product that was among the least frustrating and nearly flawless I've used, pfSense would likely be at the top of my list.

In addition to initial configuration tasks like routing and applying patches, minimal maintenance is required. Once the interfaces are set up, we configure firewall rules and are ready to go. Patching will be necessary for all platforms, but no specific requirements exist beyond standard practices.

I do some consulting work for a couple of organizations on the side, and I have a few personal home lab builds of pfSense, so I use it in both a professional and personal home lab environment. I'm using the community edition and pfSense Plus.

I began seeing the benefits of pfSense immediately. The use cases for pfSense were creating remote VPN servers and satellite offices where remote employees connect. I've been using it for so long now that I have some baseline configurations. When I bring a new site online, I load that default configuration and ship it out to where it's needed. They plug it in, and the system comes online. It's fantastic from that from that perspective.

PfSense gives you much control and visibility into your boundary that helps you identify nefarious actors and things that could lead to eventual data loss.

It helps minimize downtime from a boundary perspective. They have some features. I have used Plus in boot environments quite regularly to test out some things before going live into production, which has been nice because I've made some configuration changes that I regretted. 

The boot environments help you get back into kind of what you had. Both the community and Plus editions have a fantastic configuration export. Your boundary device is relatively static once you can configure it how you need it. You can export those configs relatively easily so that when something goes catastrophically wrong, the hardware fails, or something along those lines, you can reload the configuration onto that device or the replacement device and go about your day. 

One thing I can say about pfSense specifically and the Netgate hardware is that it is not something I worry about from a security or a resiliency perspective. It's stable. It works. I have the ability to forget about it. As an IT professional, I have so many things to worry about daily, and it's incredible to minimize those things. I think pfSense has done a great job in that area.

There's a lot of logging that produces a ton of data I can pull into a data analytics platform and make data-driven decisions about bandwidth increases or changes to firewall rules, intrusion detection rules, or employee access.

It also enables us to optimize performance, one of the biggest things you do when you get a new Internet service provider or a modem replacement or something along those lines. There are tons of tools built into pfSense that let you look at how that's working, and even some tools online that allow you to tailor that experience based on your real-world use case.

In the time that I've used pfSense, I'm continuously blown away by the quality of the product, its attention to security, and all of the features it has. It's easy to use. The web-based interface is great. The tutorials on the website are fantastic. I wouldn't say it's necessarily one feature. It's the full offering of all of the features that make it for me. I use firewalling, intrusion detection, and two of the VPN features: WireGuard and OpenVPN. 

The flexibility is great. PfSense will run on homebrew hardware and Netgate. The interface is excellent on the web and through the console. There's a lot of flexibility through the console. It lets you get into a low bandwidth environment to do the things that you need to do when you're remotely administering some of these things. 

I enjoy the fact that the web interface is customizable. A seldom-used feature is the ability to change to one of several built-in themes. I use those themes to tell which system I'm administering because they're all remote to me, and the interfaces all look the same. I don't have those little tells about changing the colors of certain things. 

Sometimes, it takes some back and forth to figure out which one I'm on. I never thought the themes would be a feature I would use. I use it all the time. The user interface is fantastic and responsive. The tooltips are in the right areas and help you build out your firewall and boundary device.

The ease of deploying and configuring features depends on the feature. Most of their features are designed to be implemented with some basic knowledge level, but some are super-advanced, and you need that knowledge level. They have excellent guides for just about every feature on their website or that's inside pfSense. They're great. They explain all the different things about adding new features and each package's function. I don't think that there has been a feature that I wanted that someone didn't already have a package built for.

I would like to see a better plugin for data analytics. They have some things that you can do, but it's not purpose-built to get data out super easily. That's kind of an advanced feature, and you do have to do some configurations that are a little more advanced than some people might be comfortable with. 

I would also like some type of fleet management, like a dashboard where I can see multiple pfSense and their statuses. I'd also like that to be self-hosted. I don't necessarily want a cloud version of it. I'd like to host that at a parent site and have the satellite offices push their status there. 

I have to manage each of the devices individually. There is no interface where I can manage multiple devices. I wouldn't call it single pane of glass management. It does give me a single pane of glass for everything related to the boundary, including VPN intrusion detection, DNS, DHCP, VPN, and firewall rules. But it doesn't have that fleet management piece. I would love to see something like that.

The last thing that I would like is not a feature. It's Netgate as an organization. I would like more transparency from them when they make some decisions that sometimes appear to be made in a vacuum. Most recently, the change in licensing and some of those things did not go over well in the community in general. I think some transparency from their organization would be valuable to the community at large.

I've been using pfSense for around 15 years.

I rate pfSense 10 out of 10. I have never had a system fail in more than 15 years. I've never had one fail on-site. They are incredibly stable and resilient

PfSense is highly scalable depending on the hardware you buy. Their hardware is well-documented. If you buy a device designed to scale with your business needs, I don't think there would be any issues with that.

I rate Netgate support 10 out of 10. I have never had a bad interaction with any of their folks. They respond quickly, and their answers are always extremely thorough. 

Positive

I used the old m0n0wall, which I migrated away from. I have also used SonicWall and OPNsense in a lab environment and various Cisco and HP devices throughout my career.

PfSense offers the best bang for your buck from a feature and cost perspective. Many other systems have some cool features that either aren't necessary or are significantly more costly than pfSense.

The initial deployment is easy, and it's even easier once you've spent some time with it. If you buy devices from Netgate, they provide you with "zero to ping." 

Even if you have some kind of odd setup or something weird you can't figure out, you can call their technical support, and they will help you get online. They'll even remote into the device to help you get online or solve a problem, which is incredible. 

Now, I have a standard image that I use from a configuration perspective, so it takes me about half an hour. It is typically a one-person job. The only reason why I put a caveat on that is I am fully remote from all the services that I support, so I do need a person on-site to at least plug the thing in, but the rest of the setup is a one-person job. After deployment, it doesn't require any maintenance aside from standard firmware updates. 

I don't like subscription models, and unfortunately, the latestpfSense license, pfSense Plus, went to a yearly subscription model. I think yearly is probably the best of the worst because at least I can pay it once, and be done with it for the year. I would rather see either a one-time cost or something along those lines that would be at that price point. I think the costs for their hardware are reasonable. I wouldn't call them cheap, but I also wouldn't call them expensive. I think the hardware costs are reasonable.

I personally run a couple of black box or white box servers that are custom built using pfSense Plus that I've licensed, but all of the other deployments that I support are devices purchased from Netgate.

I rate Netgate pfSense eight out of 10. I recommend that new pfSense users join the community. PfSense has an active community on Reddit and a community forum. You can also get a copy of the community edition and deploy it to a virtual machine to learn it before you put it into production. You won't be disappointed.